ARTICLES

Phishing Scandals - Don't Get Hooked

12th March 2024

 

Shane McMillan Titan DMS

Comment: Shane McMillan, Sales & Implementation Consultant, Titan DMS.

 

Business email compromise scams. Four words that describe $13m of losses over approximately 981 cases in Australia between 1st January and 30th September 2023 according to the ACCC.

It’s a significant, and growing, problem for dealerships and customers, as two recent high-profile cases illustrate (see: https://bit.ly/3wOrp0M and https://bit.ly/3wLFgoB). 

The scam is relatively straightforward. A threat actor intercepts emails between a dealership and a customer that contain invoices. The invoices are doctored with alternative bank account details and the customer settles to the wrong account.

The issue may only be discovered once the payment discrepancy is followed up, meaning multiple payments could have been made in that time.

How are the emails intercepted? Unfortunately, there are several ways and fault is not necessarily easy to attribute, nor does it have to result from a traditional data “hack”, it can be a simple lack of following secure procedures at either end.

No matter where the fault lies, the pain is always shared, either financially or emotionally, between both parties. Whilst there may be a sigh of relief if it wasn’t your system at fault you still have an angry and frustrated customer to deal with and the high potential for negative publicity (as the two articles above prove).

So, it’s in both party’s interest to invest in up-to-date systems and processes that reduce the risk of this type of issue.  

Here are some first steps to consider:

  1. Training and Awareness – making your team aware of these types of attacks and some basic procedures and practices that can prevent them will keep vigilance high and provide a first line of defence. (see: https://bit.ly/3ToXRA1
  2. Payment Security Process – Set up payment security processes with your finance team. Can bank account details be sent by encrypted transfer or confirmed by SMS?  Can an initial micropayment be requested and confirmed by phone on receipt? Simple process improvements could provide a safety net with little extra investment.
  3. Enable multi-factor authentication on email accounts (see: https://bit.ly/3V9jqWe). 
  4. Block automatic outbound email forwarding rules it may be that your email software allows you to block this practice at a company level and prevent your emails from being forwarded to the threat actors directly.
  5. Establish security credentials. What software and systems is your business using to hold and transfer valuable data? What is your level of knowledge or trust in those systems?  Older systems can be built on compromised technology; investigate and consider an upgrade if you’re in any doubt.

As we mentioned in our previous article on cyber security (here: https://bit.ly/3T4nGUA), there is no failsafe means of protecting your business from potential threats. However, the steps above go some way to making any compromise significantly more difficult. 

Ultimately, retailers want to be protected without excessive costs or friction, and buyers want to feel secure without being overburdened by process.

Hopefully, some of these simple protections can be put in place and viewed by both parties as an improvement in the overall customer experience.

Regards

Shane

 


For a guide to preventing email attacks and an emergency response guide should that happen, visit the Australian Cyber Security Centre here: https://bit.ly/49ZeIP1.

For support in protecting your business against cyber threats, the Australian Signals Directorate has created The Essential Eight guide that you can view here: https://bit.ly/3IsF5RH 

Other stories on our Blog
Meet Shane Mifsud
Shane MIfsud
New BDM for Victoria and Tasmania, Shane Mifsud, was next in line for our quickfire questions to get to know him a little better.  Here's what he said!
Meet Amanda Dexter
Amanda Dexter
We put Business Development Manager for New South Wales, Amanda Dexter, through our rigorous questioning so we can get to know her a little better.  Here's what she said!
Get To Know Titan
Titan Overview Featured Image
Time is precious, so we challenged ourselves with the fun task of seeing how much of an overview we could give on the Titan business, people, and technology in under a minute.
The Eternal Tech Dilema
tech dilemma feature
If you know you need to drive technology change in your business where do you start? Here are some thoughts that we hope prove useful in establishing direction.
Phishing Scandals
Hacker Phishing
"Business email compromise scams". Four words that describe $13m of losses over approximately 981 cases in Australia between 1st January and 30th September 2023 according to the ACCC.
Meet Nicole Bedingfeld
Nicole Bedingfeld
We submitted our Head of People & Culture, Nicole Bedingfeld, to a quick interrogation so we can get to know her a little better. Here's what she said!
Automotive Cybersecurity
Cybersecurity threats are top of mind for many in the automotive industry as we head into 2024...
Titan's Values-Driven Approach
In a world of digital solutions, we believe people still make the difference.
Titan Launches In Japan
Titan DMS is delighted to announce our launch into the Japanese automotive market. 
Key Appointments: Gearing Up For Growth
As Titan DMS accelerates its global expansion in 2024, we spent the last few months of 2023 getting foundations in place to capitalize on several significant opportunities in Australia and international markets.
BMW Thailand: Network Roll-Out Success
The implementation of Titan DMS software across Thailand's BMW dealer network has now been completed. This marks the successful conclusion of an extensive three-year deployment project and signifies a major milestone for Titan in our international development.
Helping You Get More From Titan
Meet Gary Creer, our new Product Utilisation Specialist here at Titan.
Super-Charge Productivity At Onboarding
One of the most common challenges facing automotive dealerships every day is staff turnover. With an industry that sees staff transition rates anywhere between 30-50%, ensuring new staff reach minimum productivity levels in the shortest time possible is essential.
Customer Satisfaction - KPI Improvements
A key pillar of Titan’s DMS offering is the provision of a knowledgeable and empowered customer service team that can provide reliable and timely support to keep our dealer and OEM customers working.
Titan 2024 - The Road Ahead
As we step into the new year, 2024 provides us with exciting growth opportunities at home and abroad, and our recruitment drive to fill these opportunities is already well underway.